[Ndn-interest] Complete trust management from scratch in ndn-cxx
Matteo Bertolino
Matteo.Bertolino at eurecom.fr
Mon Oct 16 11:49:16 PDT 2017
Hello,
Why do you have the "//" in each line of the validator?
I am on my phone, so I cannot easily give you a good answer, but you
can find a complete and commented use case here:
https://github.com/MatteoBertolino92/NDN-matteo/blob/master/ndncxx_miniNDN_someUseCases_nacks__certificates__interest_verification.pdf
Section 3. Write to me if you need any clarification.
Matteo
Quoting Michał Król <m.krol at ucl.ac.uk>:
> Dear all,
>
> I'm struggling with setting up a simple trust/security system in NDN. I
> find it difficult to find an updated set of information that will work for
> all system components. Please correct me if I misunderstood something.
>
> I have a very simple scenario: one producer and one consumer on one
> machine. I want to have a central entity (root) and a publisher
> (publisher) that will be allowed to publish trusted content.
>
> I first create the root certificate using ndnsec and self-sign it:
>
>     ndnsec-key-gen -n /root
>
>     ndnsec-sign-req /root > root.cert
>
> Next I create a certificate for the publisher and sign it using the root
> certificate:
>
>     ndnsec-key-gen -n /root/publisher > unsigned_publisher.cert
>     ndnsec-cert-gen -S 201510080000 -E 202010080000 -s /root -i /root/publisher -r unsigned_publisher.cert > publisher.cert
>
>
> I then used the publisher identity to sign the data:
>
>     m_ident = m_keyChain.createIdentity(Name("/root/publisher"));
>     m_info = ndn::security::SigningInfo(m_ident);
>
>     m_keyChain.sign(*data, m_info);
>
> On the consumer side I use a validator to validate data:
>
>     m_validator->load("sample.cfg");
>
>     m_validator->validate (data,
>         ndn::bind(&Consumer::onValidated, this, _1),
>         ndn::bind(&Consumer::onValidationFailed, this, _1, _2));
>
>
> I want to trust everything signed with the publisher's key. The
> sample.cfg is:
>
> / rule//
> // {//
> // id "Sample Rule"//
> // for data//
> // filter//
> // {//
> // type name//
> // name /root/publisher//
> // relation is-prefix-of//
> // }//
> // checker//
> // {//
> // type hierarchical//
> // sig-type rsa-sha256//
> // }//
> // }//
> //
> // trust-anchor//
> // {//
> // type file//
> // file-name "root.cert"//
> // }/
>
>
> Now, when I launch the consumer, it issues an interest, gets the data,
> issues another interest to get the key
> (/root/publisher/KEY/4%05i%7E%3C%F6%87%2F/%FD%00%00%01_%25%8Bz%80), but
> ends up with an error:
>
>     Malformed certificate (Name does not follow the naming convention for certificate).
>
>
> My question is now, is this how I'm supposed to do this? If yes, what's
> the problem here? If not, is there any example tutorial walking through
> all the steps of managing trust in NDN (ndnsec, app, validator)?
>
> Thanks in advance,
>
> Michał
>
>
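Added example (not part of the original message, and not ndn-cxx code): a stand-alone C++ check of a name against the certificate naming convention `/<identity>/KEY/<key-id>/<issuer-id>/<version>`, applied to the name quoted in the question. It assumes that convention (with `KEY` fourth from the end) and that the quoted name is the name of the returned certificate; the helper names and the second sample name are hypothetical.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Split an NDN URI into components. Percent-escapes stay encoded, so an
// escaped slash (%2F) inside a key-id is not mistaken for a separator.
std::vector<std::string> splitName(const std::string& uri) {
  std::vector<std::string> comps;
  std::string cur;
  for (char c : uri) {
    if (c != '/') { cur += c; continue; }
    if (!cur.empty()) comps.push_back(cur);
    cur.clear();
  }
  if (!cur.empty()) comps.push_back(cur);
  return comps;
}

// Assumed convention: /<identity>/KEY/<key-id>/<issuer-id>/<version>,
// i.e. at least four components with "KEY" fourth from the end.
bool followsCertNaming(const std::string& uri) {
  const auto c = splitName(uri);
  return c.size() >= 4 && c[c.size() - 4] == "KEY";
}

// Explain where a name stands relative to that convention.
std::string classify(const std::string& uri) {
  if (followsCertNaming(uri)) return "certificate name";
  const auto c = splitName(uri);
  for (size_t i = c.size(); i-- > 0;) {  // search from the end
    if (c[i] == "KEY")
      return "KEY followed by " + std::to_string(c.size() - 1 - i) +
             " component(s), expected 3";
  }
  return "no KEY component";
}

int main() {
  // Name quoted in the message above.
  const std::string fetched =
    "/root/publisher/KEY/4%05i%7E%3C%F6%87%2F/%FD%00%00%01_%25%8Bz%80";
  // Constructed sample: a hypothetical issuer-id "root" inserted before the version.
  const std::string sample =
    "/root/publisher/KEY/4%05i%7E%3C%F6%87%2F/root/%FD%00%00%01_%25%8Bz%80";
  for (const auto& n : {fetched, sample})
    std::cout << n << " -> " << classify(n) << "\n";
}
```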